[Freeipa-devel] [PATCH] 1019 require policycoreutils if SELinux is enabled
Rob Crittenden
rcritten at redhat.com
Tue May 29 20:50:04 UTC 2012
Martin Kosek wrote:
> On Fri, 2012-05-18 at 11:53 -0400, Rob Crittenden wrote:
>> We don't have an explicit requires on the policycoreutils package in the
>> client because SELinux is not required (just recommended).
>>
>> SELinux can be enabled without this package so check for that condition
>> and don't allow installation if it is the case. The resulting install
>> will be rather broken.
>>
>> Also check on the server when installing. This should never happen but
>> in theory it could do the server install then fail in the client because
>> of this.
>>
>> rob
>
> This works fine. I am just thinking if we should not rather use paths
> in /usr/ for the check if a binary exists, i.e. check
> for /usr/sbin/restorecon instead of /sbin/restorecon on Fedora.
>
> If we don't do this we need to be sure that the /sbin -> /usr/sbin
> symlink created during UsrMove will stay on the system.
>
> Martin
>
Ok, that makes sense. Updated patch.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-1019-4-selinux.patch
Type: text/x-diff
Size: 11028 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120529/4ee68b0b/attachment.bin>
More information about the Freeipa-devel
mailing list